soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Checks for right shadow login when adding an entry

Browse Source 
Use exec() instead of query() when it's necessary for SQL queries
This commit is contained in:
Grégory Soutadé 2017-04-17 20:37:26 +02:00
parent 48571b31c1
commit b4b54ec57c
1 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
server/functions.php
View File

@ -131,10 +131,10 @@ function migrate_database($user, $db)
$migration_functions = ['_migrate_0', '_migrate_1']; $migration_functions = ['_migrate_0', '_migrate_1'];
$version = $db->querySingle("SELECT db_version FROM conf"); $version = $db->querySingle("SELECT db_version FROM conf");
if ($version == false || $version == -1) if ($version == NULL || $version == -1)
{ {
$version = $db->querySingle("SELECT version FROM db_version"); $version = $db->querySingle("SELECT version FROM db_version");
if ($version == false || $version == -1) if ($version == NULL || $version == -1)
$version = 0; $version = 0;
} }
@ -172,6 +172,8 @@ function load_database($user)
function add_entry($user, $login, $password, function add_entry($user, $login, $password,
$shadow_login, $salt, $access_token) $shadow_login, $salt, $access_token)
{ {
global $USE_SHADOW_LOGINS;
$db = load_database($user); $db = load_database($user);
if ($db == null) if ($db == null)
@ -180,22 +182,30 @@ function add_entry($user, $login, $password,
return false; return false;
} }
if ($USE_SHADOW_LOGINS && (strlen($shadow_login) != 32 ||
strlen($salt) != 32 || strlen($access_token) != 32))
{
$db->close();
echo "Shadow login not configured";
return false;
}
$count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'"); $count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");
if ($count != 0) if ($count != NULL && $count != 0)
{ {
echo "Entry already exists"; echo "Entry already exists";
return false; return false;
} }
$result = $db->query("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES $result = $db->exec("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES
('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')");
/* error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES */ /* error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES */
/* ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); */ /* ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); */
$db->close(); $db->close();
if ($result == FALSE) if (!$result)
{ {
echo "Error " . $db->lastErrorMsg(); echo "Error " . $db->lastErrorMsg();
return false; return false;
@ -209,6 +219,8 @@ function add_entry($user, $login, $password,
function delete_entry($user, $login, $access_token) function delete_entry($user, $login, $access_token)
{ {
global $USE_SHADOW_LOGINS;
$db = load_database($user); $db = load_database($user);
if ($db == null) if ($db == null)
@ -220,7 +232,7 @@ function delete_entry($user, $login, $access_token)
if ($USE_SHADOW_LOGINS) if ($USE_SHADOW_LOGINS)
{ {
$db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'"); $db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'");
if (strlen($db_ac) != 0 && strcmp($db_ac, $access_token)) if ($db_ac != NULL && strcmp($db_ac, $access_token))
{ {
$db->close(); $db->close();
echo "Bad access token"; echo "Bad access token";
@ -228,10 +240,10 @@ function delete_entry($user, $login, $access_token)
} }
} }
$result = $db->query("DELETE FROM gpass WHERE login='" . $login . "'"); $result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
$db->close(); $db->close();
if ($result == FALSE) if (!$result)
{ {
echo "Error " . $db->lastErrorMsg(); echo "Error " . $db->lastErrorMsg();
return false; return false;